Large Language Model (LLM)-based Multi-Agent Systems (MAS) have become a popular paradigm for AI applications. However, trustworthiness issues in MAS remain a critical concern. Unlike single-agent systems, MAS involve more complex communication processes, making them susceptible to corruption attacks. To mitigate this issue, several defense mechanisms have been developed based on the graph representation of MAS, where agents are represented as nodes and communications form edges. Nevertheless, these methods predominantly focus on static graph defense, attempting to either detect attacks in a fixed graph structure or optimize a static topology with certain defensive capabilities. To address this limitation, we propose a dynamic defense paradigm for MAS graph structures, which continuously monitors communication within the MAS graph, then dynamically adjusts the graph topology, accurately disrupts malicious communications, and effectively defends against evolving and diverse dynamic attacks. Experimental results in increasingly complex and dynamic MAS environments demonstrate that our method significantly outperforms existing MAS defense mechanisms, contributing an effective guardrail for their trustworthy applications. Our code is available at https://github.com/ChengcanWu/Monitoring-LLM-Based-Multi-Agent-Systems.